ORGANIZATION-BASED POLICIES
First Claim
1. A computer-implemented method comprising:
detecting, by a computer system, a first event relative to a first user;
determining, by the computer system, that the first user belongs to a first organization that is represented by a first leaf node in a hierarchical tree of nodes, based at least in part on the first event;
determining, by the computer system, that a first policy is associated with a parent node of the first leaf node;
determining, by the computer system, that a second policy is associated with the first leaf node;
in response to determining that the second policy is associated with the first leaf node, selecting, by the computer system, the second policy instead of the first policy for application to the first user; and
applying, by the computer system, the selected policy to the first user.
Abstract
Techniques for representing, managing and storing data related to an organization are provided. An identity management system is disclosed that is configured to manage, represent and store data related to an organization. The identity management system reads data pertaining to an organization from a directory and generates a data model of the organization. The identity management system performs operations to manage the data related to an organization using the data model. The operations include adding logical organizations to the data model and defining user-membership policies associated with entities and logical organizations in the data model. The operations may further include identifying policies to be applied to the users of the organization. In some embodiments, the operations include re-assigning a logical organization and its associated user-membership policies to different entities within the data model while maintaining the user-membership policies associated with the logical organization.
13 Citations
20 Claims
1. A computer-implemented method (independent claim; text as given above under First Claim).
Dependent claims: 2, 3, 4, 5, 6, 7.
8. An identity management system, comprising:
a data reader configured to read data from a directory of an organization;
a data modeler configured to generate a data model of the organization based at least in part on the data, the data model comprising a hierarchical tree of nodes representing one or more entities of the organization; and
a policy identifier configured to identify a policy to be applied to a first user of the organization, the policy identifier further configured to:
detect a first event relative to the first user;
based at least in part on the first event, determine that the first user belongs to a first entity of the one or more entities of the organization, the first entity represented by a first leaf node in the hierarchical tree of nodes;
determine that a first policy is associated with a parent node of the first leaf node;
determine that the second policy is associated with the first leaf node;
in response to determining that the second policy is associated with the first leaf node, identifying the second policy instead of the first policy for application to the first user; and
applying, by the computer system, the second policy to the first user.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
instructions that cause the one or more processors to detect a first event relative to a first user;
instructions that cause the one or more processors to determine that the first user belongs to a first organization that is represented by a first leaf node in a hierarchical tree of nodes, based at least in part on the first event;
instructions that cause the one or more processors to determine that a first policy is associated with a parent node of the first leaf node;
instructions that cause the one or more processors to determine that a second policy is associated with the first leaf node;
in response to determining that the second policy is associated with the first leaf node, instructions that cause the one or more processors to select the second policy instead of the first policy for application to the first user; and
instructions that cause the one or more processors to apply the selected policy to the first user.
Dependent claims: 16, 17, 18, 19, 20.
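The selection rule shared by claims 1, 8 and 15 (a policy on the user's leaf node is chosen over the parent's; with no leaf policy the nearest ancestor's policy is inherited), together with the re-assignment of a logical organization described in the abstract, as an added Python sketch that is not the patent's own code. The directory rows, entity names and policy identifiers are constructed; the data reader, data modeler and policy identifier of claim 8 are collapsed into plain functions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class OrgNode:  # one entity (organization or logical organization) in the tree
    name: str
    parent: Optional["OrgNode"] = None
    policy: Optional[str] = None          # policy associated with this node, if any
    children: Dict[str, "OrgNode"] = field(default_factory=dict)

def build_org_tree(directory_rows: List[Tuple[str, List[str]]]):
    """Data reader + data modeler: (user, org path) rows -> tree and user->leaf map."""
    root = OrgNode("root")
    membership: Dict[str, OrgNode] = {}
    for user, path in directory_rows:
        node = root
        for part in path:
            node = node.children.setdefault(part, OrgNode(part, parent=node))
        membership[user] = node               # the user belongs to this leaf node
    return root, membership

def find_node(root: OrgNode, path: List[str]) -> OrgNode:
    node = root
    for part in path:
        node = node.children[part]
    return node

def identify_policy(membership: Dict[str, OrgNode], event: Dict[str, str]):
    """Policy identifier: from the event's user, walk leaf -> parent -> ... and
    return the first policy found, so a leaf policy overrides the parent's."""
    node = membership[event["user"]]          # membership determined from the event
    while node is not None:
        if node.policy is not None:
            return node.policy, node.name     # (selected policy, node that supplied it)
        node = node.parent
    return None, None                         # no policy anywhere on the path

def reassign(node: OrgNode, new_parent: OrgNode) -> None:
    """Move a logical organization under another entity; its own policy travels with it."""
    del node.parent.children[node.name]
    node.parent = new_parent
    new_parent.children[node.name] = node

# Constructed sample directory data and policy assignments (not from the patent)
DIRECTORY = [("alice", ["acme", "engineering", "platform"]),
             ("bob", ["acme", "engineering", "qa"]),
             ("carol", ["acme", "sales"])]
ROOT, MEMBERSHIP = build_org_tree(DIRECTORY)
find_node(ROOT, ["acme"]).policy = "password-only"
find_node(ROOT, ["acme", "engineering"]).policy = "mfa-required"
find_node(ROOT, ["acme", "engineering", "platform"]).policy = "hardware-key-required"
```

Moving "qa" under "sales" with `reassign` changes what bob inherits (he falls back to the "acme" policy) while "platform" keeps its own policy wherever it is moved.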